protecting Z-push with modsecurity-apache (Debian)

I’m running WebApp & Z-Push on the same Apache2 server. While default recommended modsecurity (intrusion detection) config works flawlessly with WebApp, it blocks all Z-Push active-sync access. :(
If i disable modsecurity, it’s also disabled for WebApp.

Does anybody have any template or solution for modsecurity to allow Z-Push active-sync access?